||February 16, 2009
Guide to Internal Audit FAQ: Table of Contents
View and download the entire booklet
The Internal Audit Profession
Starting an Internal Audit Function
- Internal auditing?
- How is the internal audit profession regulated?
- Is continuing professional education (CPE) required for internal auditors?
- Are internal auditors required to be certified?
- Are there professional standards that govern the practice of internal auditing?
- Are internal audit functions required to follow the IIA Standards?
- What are The IIA Practice Advisories?
- What jurisdiction do the SEC and the PCAOB have over internal auditors?
- Can existing employees become internal auditors?
- What personal qualities, knowledge and skills should internal auditors possess?
- Do internal auditors have to comply with any professional ethics requirements?
- How much should a company spend on internal audit?
- Are there industry groups for internal auditors?
- Isn’t internal auditing a duplication of what external auditors do?
- How is “independence” defined differently for internal auditors and external auditors?
- What role and responsibility to internal auditors have for fraud?
- Are there university programs in internal auditing?
- What is the Common Body of Knowledge?
The Process of Internal Auditing
- How do we start an internal audit function?
- How should an internal audit function be staffed?
- To whom should the head of internal audit report?
- Can employees in the company participate in internal audits?
- What are the pros and cons of outsourcing/co-sourcing internal audit?
- Where do I get more information on internal auditing?
Performing a Quality Assessment Review
- How is internal audit work actually performed?
- Should an internal audit function consider information technology risks?
- What types of IT audit skills should be included in an internal audit department?
- What should we look for in an internal audit report?
- What is control self-assessment (CSA)?
- Is there a standard definition for internal controls?
- How does the COSO internal control framework relate to internal auditing?
- Are internal auditors required to follow COSO?
- What is the COSO ERM framework and what is its relevance to internal auditing?
- Are there specific performance measures for internal auditing?
- Should internal audit departments consider using an automated work paper software package?
- What factors should internal audit consider when issuing an opinion on internal control?
- What is an integrated audit?
- What is continuous monitoring and how does it strengthen the internal audit process?
- How can internal audit assist in developing and maintaining an effective corporate governance environment?
- To what degree should the internal audit function coordinate its activities with its external audit firm?
- What should the role of internal audit be in connection with a company’s compliance efforts?
- Should an internal audit function coordinate its efforts with the company’s chief risk officer?
- What should the role of internal audit be in evaluating a company’s use of outsourced services?
Internal Audit’s Role in Sarbanes-Oxley Compliance
- Should internal audit conduct a quality assessment review (QAR) periodically?
- How does completing a quality assessment review strengthen the value internal audit brings to the organization?
- What types of assessments are available to comply with quality assessment review requirements?
Management and Audit Committee Considerations
- Does the Sarbanes-Oxley Act of 2002 require companies to have an internal audit function?
- Should internal auditors play a role in our Sarbanes-Oxley activities?
- How has the role of internal audit in Sarbanes-Oxley compliance changed since the inception of the legislation in 2002?
- Is an ineffective internal audit function a significant deficiency under Section 404 of Sarbanes-Oxley?
- Are there alternative structures to consider outside of internal audit when planning ongoing compliance with Sarbanes-Oxley?
- Is it important for an internal audit function to adhere to The IIA Standards as it relates to Sarbanes-Oxley?
- Can external auditors rely on the work of internal auditors relating to Section 404 compliance?
- What does it mean to “rebalance” the internal audit function?
- Why should companies evaluate the need to rebalance their internal audit functions?
- How should organizations align their Sarbanes-Oxley and internal audit resources to achieve effective rebalancing?
External Auditor Considerations
- How can management utilize internal audit most effectively?
- What should the audit committee’s relationship be with an organization’s board of directors, compensation committee, disclosure committee, and nominating and governance committee?
- What is the audit committee’s role with respect to establishing and monitoring corporate governance practices?
- What is an audit committee’s role with respect to the internal audit function?
- Should executive sessions (without management present) be held with the internal auditors as part of an audit committee meeting?
- What should internal audit report to the audit committee?
- What is the audit committee’s role in evaluating the chief audit executive (CAE)?
- How should the audit committee evaluate the effectiveness of internal audit?
- What is the role of the audit committee in evaluating the role of the external auditor?
The NYSE Internal Audit Requirement
- Can we use our external auditors to perform internal audit work?
- Can external auditors rely on the work of internal auditors in connection with their financial statement audit?
- Do all internal audit reports need to be reviewed by the external auditor?
- Can a company’s external auditors perform an external quality assessment review of the company’s internal audit function?
- What companies are impacted by the SEC’s approval of the NYSE rules?
- What do the NYSE rules require?
- Does the NYSE provide listed companies with any instructions or guidance beyond the rule requiring an internal audit function?
- When are rules effective?
- When and how does this rule regarding internal audit apply to companies transferring from another stock exchange?
- Most foreign private issuers comply with this rule?
- Does the rule apply to companies with public debt?
- Does the rule affect other stock exchanges and private companies?
- Are there similar proposals in process requiring an internal audit function for companies listed on other exchanges in the United States?
- When and how does this rule regarding internal audit apply to initial public offerings (IPOs) listed on the NYSE?
- Does this rule require a company to hire new employees?
- What is required if a company already has an internal audit function?
- Can part-time internal auditors meet the NYSE rule?
- How will NYSE-listed companies be expected to demonstrate compliance with the internal audit rule?
- Does the rule require a written internal audit charter?
- Does the NYSE rule require that The IIA Standards be followed?
- Have internal audit functions been required previously?
- Is there any minimum amount of expenditure or effort required under the NYSE rule?
- What must a company have in place by the effective date of the NYSE rule?
- Is a formal risk assessment required? Is there a preferred framework to be utilized by the internal audit function, such as the COSO internal control framework and COSO ERM framework?
- What are other authoritative views strongly recommend the establishment of an independent internal audit function?